goncalor

@goncalor@infosec.exchange

Defend. Pwn. Infosec. Free software. Vim nerd. #rustlang #electronics


goncalor, to anki

Discovered and started to use this week. Seems like a fresh approach compared with , which I've used for some periods in the past to learn kanji.

From Mastodon I just learned about which seems will come in handy.

I'm planning a trip to later this year and I'd like to learn as much as possible by then.

I feel I should join some classes, but unsure which. Any recommendations? I've heard of .

Any interesting accounts to follow on Mastodon as well? Maybe some with some simple posts in Japanese?

PS: Is worth it? Always seems too slow/easy.

goncalor,

This morning I completed level 1 🙂

goncalor, to random

"“What we’re seeing today, we believe, is systematic cost transference from technology providers who make decisions to design products a certain way to customers, who then have to bear the burden to patch, to mitigate, to respond,” Goldstein said. “It doesn’t make sense to us, at least as applied to smaller organizations that really can’t bear that burden.”"
https://cyberscoop.com/cisa-goldstein-secure-by-design/

goncalor, to random

Started the , which will last the whole of October.

https://huntress.ctf.games/

goncalor,

Solved all challenges except for one (need Windows, which I can't use or a VM at the moment).

So far I think this CTF is quite cool for practice for beginners.

Thank you Huntress team for organising this.

https://huntress.ctf.games/

goncalor, to Cybersecurity

Does anyone know of any kind of standards for applicational logging that define events to log and a format/syntax to log them?

I've found old MITRE CEE and OWASP references below. Are there any others like these?

Please boost if you can.

https://cee.mitre.org/language/1.0-beta1/core-profile.html

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Logging_Vocabulary_Cheat_Sheet.md

0xabad1dea, to random

Hatsune Miku's official instagram account got nuked. I know she wrote every problematic book and game in the last twenty years but this is a step too far

goncalor,

@0xabad1dea for reference.

indutny, to random

Level 13 of !

I'm about to get my first burned items (radicals from Level 1), so technically I should be around the peak of the number of things that I need to keep in short term memory at the same time! With that in mind, I had what I think of as a "restructuring" week. A lot of kanji/vocabulary has similar pronunciation so had to slow down to 10 new lessons per day and make a lot of mistakes, but all to get a more solid picture of kanjis!


goncalor,

@indutny congratulations on one year! 😃

一年目おめでとう, I guess 😅

goncalor, to debian

Had a running acting as a kiosk with some dashboards opening on Chromium. It all started breaking down after a few hours.

After investigating I understood that was filling more and more as time passed.

So today I studied a bit of . My final solution was to configure this for the service that launches chromium:

systemctl set-property <service> MemoryHigh=400M MemoryMax=700M

This ensures that if the processes in the service tree reach beyond 400 MB the starts taking memory away from the processes. If the memory reaches 700 MB the (out-of-memory) killer kicks in and kills the processes from the service.

Ah, and on the Raspberry Pi memory cgroups need to be enabled by adding cgroup_enable=memory in /boot/cmdline.txt .

It would be better for Chromium to just behave, but this works for now.

goncalor, to random Portuguese

Look at the amount of junk Adobe.com has on its TXT record.

AstraKernel, to programming

Guess the programming language.

goncalor,

@AstraKernel with such absurdity it's probably JavaScript...

goncalor, to fediverse

It seems Mastodon is now "serious enough" that people want to advertise here. Well... glad you won't.

GossiTheDog, to random

deleted_by_author

  • goncalor,

    @GossiTheDog lol, written by a CISO. The cyber on that org must be great!! 😬

    Curious about the podcast reference too 😨

    goncalor,

    @GossiTheDog that's taken from exactly the same podcast as the first one...

    stargirl, to random

    KiCanvas is an open source, interactive, browser-based viewer for KiCAD schematics and boards- and now it's in 🎉 public alpha 🎉

    Head over to my blog to learn more and try it out for yourself 🧚‍♀️ https://blog.thea.codes/introducing-kicanvas/


    goncalor,

    @stargirl OMG, great work!! 🙌

    goncalor, to random

    Does anyone have a way to remotely confirm the service running on port 1801 is ? I've tested and it seems it cannot identify the service.

    goncalor,

    I've managed to figure out a packet that if sent to a server results in a response that can be fingerprinted.

    If you send this packet and the response contains LIOR and a bunch of ZZZZ this indicates the service is probably MSMQ.

    I can't guarantee this works for all versions, but it works at least for recent ones.

    I'm going to try to write a service probe for this service.

    echo -ne '\x10\x00\x0b\x00\x4c\x49\x4f\x52\x3c\x02\x00\x00\xff\xff\xff\xff\x00\x00\x02\x00\x06\x55\x3d\x51\x36\xdf\xc7\x40\x96\x43\x17\x5c\x3c\xe7\x6c\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x
00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | ncat -v 127.0.0.1 1801 | hd

    goncalor,

    Nmap service probe already written. Should publish it later.

    goncalor,

    @VitorHSSousa and myself have developed a service probe to identify whether a service on port 1801 is .

    I've just published it on the URL below. We can't guarantee this will successfully detect every version, but we've tested with a few Windows Server and non-server versions and it seems to work across at least recent ones.

    We hope this helps defenders identify exposed MSMQ so they can mitigate the risk from .

    https://gist.github.com/goncalor/a01ba66927c0dc704000d7bf1327d36e

    goncalor,

    Just out of curiosity, a comparison of our probe vs the one I've seen is using.

    The protocol is proprietary, so I have no idea what theirs is doing 🤷‍♂️

    goncalor,

    And since we're here... A comparison of and 's probes. They are using the same probe except for the padding.

    How do I know all this? May have quickly set up a terrible last night 😄​

    goncalor,

    @driftnet was kind enough to share that the protocol is actually documented by Microsoft (link below). So with this knowledge in hand I was curious to see what the fields being sent/received actually are.

    Client and server GUIDs are sent. So you can actually write whatever you want there to make a custom probe. In the image I've specified client GUID as DEADBEEFDEADBEEF (in blue) and the server GUID is what's in red.

    https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/85498b96-f2c8-43b3-a108-c9d6269dc4af

    goncalor,

    It seems 0x524F494C is always used as the BaseHeader.Signature. Those hex bytes correspond to... surprise, surprise... the "LIOR" string that appears in every packet 😀​

    I'm planning on submitting a PR to to add the probe to the list that ships with it.

    goncalor,

    The ZZZZ (🐝​) at the end of the response packet are mandatory.

    > When the EstablishConnectionHeader is part of a response packet from a server, each byte of this array MUST be filled with the value 0x5A.
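
The two checks this thread arrives at (the LIOR signature and the mandatory 0x5A padding), as an added Python example that is not goncalor's Nmap probe or any code from the posts. The function names are hypothetical, the field offsets are assumptions read off the bytes of the posted packet, and the sample reply is constructed rather than captured.

```python
import struct

SIGNATURE = 0x524F494C     # BaseHeader.Signature; little-endian bytes spell "LIOR"
PACKET_SIZE = 572          # 0x023c, the size field in the posted packet
GUIDS_AT, PAD_AT = 20, 60  # assumed offsets: GUIDs follow 20 header bytes, padding is last


def build_probe(client_guid: bytes) -> bytes:
    """Establish-connection request with a caller-chosen 16-byte client GUID."""
    if len(client_guid) != 16:
        raise ValueError("client GUID must be 16 bytes")
    # 16 bytes: version 0x10, reserved, flags 0x000b, signature, size, 0xffffffff
    base = struct.pack("<BBHIII", 0x10, 0, 0x000B, SIGNATURE, PACKET_SIZE, 0xFFFFFFFF)
    internal = struct.pack("<HH", 0, 0x0002)   # the \x00\x00\x02\x00 after the header
    rest = bytes(16) + bytes(8) + bytes(PACKET_SIZE - PAD_AT)  # zero server GUID, 8 bytes, padding
    return base + internal + client_guid + rest


def classify_response(data: bytes) -> dict:
    """Apply the thread's two checks: LIOR signature and all-0x5A trailing padding."""
    verdict = {"msmq": False, "server_guid": None, "reason": ""}
    if len(data) < 16:
        verdict["reason"] = "shorter than a base header"
        return verdict
    signature, size = struct.unpack_from("<II", data, 4)
    if signature != SIGNATURE:
        verdict["reason"] = "signature is not LIOR"
    elif size <= PAD_AT or len(data) < size:
        verdict["reason"] = "truncated or too small for an establish-connection reply"
    elif any(b != 0x5A for b in data[PAD_AT:size]):
        verdict["reason"] = "padding is not all 0x5A"
    else:
        verdict["msmq"] = True
        verdict["server_guid"] = data[GUIDS_AT + 16:GUIDS_AT + 32].hex()
        verdict["reason"] = "LIOR signature and 0x5A padding present"
    return verdict


def constructed_reply(server_guid: bytes) -> bytes:
    """Constructed sample reply (not a capture): request layout, server GUID, Z padding."""
    request = build_probe(b"DEADBEEFDEADBEEF")
    head, middle = request[:GUIDS_AT + 16], request[GUIDS_AT + 32:PAD_AT]
    return head + server_guid + middle + b"Z" * (PACKET_SIZE - PAD_AT)


if __name__ == "__main__":
    print(classify_response(constructed_reply(bytes(range(16)))))
    print(classify_response(b"SSH-2.0-OpenSSH_9.6\r\n"))  # constructed non-MSMQ banner
```

A reply that only echoes the request is rejected, because its padding is still zero bytes rather than 0x5A.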

    GossiTheDog, to random

    The Guardian (who are themselves working out of a pub still due to a ransomware attack in December 2022) are reporting (a major IT supplier) have an "IT incident", staff have been told to not use VPN, and they are working with pen and paper since this morning. Thread follows. https://www.theguardian.com/business/2023/mar/31/capita-it-systems-fail-cyber-attack-nhs-fears?CMP=share_btn_tw

    goncalor,

    @GossiTheDog ridiculous.

    Louvre: the attacker stole just 0.02% of the paintings.

    The stolen painting was the Mona Lisa.
